Apache HTTP Server Version 1.3

Upgrading to 1.3 from 1.2

In order to assist folks upgrading we are now going to
maintain a document describing information critical to existing
Apache users. Note that it only lists differences between
recent major releases, so for example, folks using Apache 1.1
or earlier will have to figure out what changed up to Apache
1.2 before this document can be considered relevant. Old users
could look at the src/CHANGES file which tracks
code changes.

These are intended to be brief notes, and you should be able
to find more information in either the New Features document, or in
the src/CHANGES file.

Compile-Time Configuration Changes

The source code has been reorganized, which affects anyone
with custom modules or modifications. But also, the
Module directive has been changed to the
AddModule directive.

The Configuration variable
EXTRA_LFLAGS has been renamed
EXTRA_LDFLAGS.

The -DMAXIMUM_DNS definition has been
obsoleted by changes to mod_access enforcing
double-reverse DNS lookups when necessary.

The -DSERVER_SUBVERSION=\"string\"
compile-time option has been replaced with the run-time API
call ap_add_version_component(). Compile-time
modification of the server identity by the configuration
scripts is no longer supported.

IRIX systems with untrusted users who can write CGIs
which execute as the same uid as httpd should consider using
suexec, or adding
-DUSE_FCNTL_SERIALIZED_ACCEPT to
EXTRA_CFLAGS. This is slower, more information
is available on the performance tuning
page. There is a mild denial of service attack possible
with the default config, but the default config is an order
of magnitude faster.

mod_auth_msql has been removed from the
distribution.

The new Apache Autoconf-style Interface (APACI) was added
to the top-level to provide a real out-of-the-box build and
installation procedure for the complete Apache package.

Run-Time Configuration Changes

There have been numerous changes to the default config
files. Ensure that you compare your existing configuration
files with the new ones to ensure there aren't any
undesired differences. In particular:

As of Apache 1.3.0, the current config files apply
different Options and
AllowOverride
settings to various directories than were used in
1.2.

As of the release following Apache 1.3.3, the three
config file templates have been merged into
httpd.conf-dist and the order of the
directives changed.

As of 1.3.2, mod_expires will
add Expires headers to content that does not come from a file
on disk, unless you are using a modification time based
setting. Previously, it would never add an Expires header
unless content came from a file on disk. This could result in
Expires headers being added in places where they were not
previously added.

Standalone FancyIndexing
directives are now combined with the settings of any
IndexOptions directive already in effect, rather
than replacing them.

AuthName strings will need to be
quoted in .htaccess or server
configuration files if they contain blank characters (like
spaces). For example, if you use an AuthName
directive like this:

AuthName This and That

you will need to change it to

AuthName "This and That"

This change was made for consistency in the config
language.

As of Apache 1.3.1, methods listed in
<Limit> directives must be
uppercase. Method names, such as GET,
POST, and PUT are defined as
being case-sensitive. That is, a GET request
is different from a get request. Prior to
Apache 1.3.1, the <Limit> directive
parser incorrectly treated both of these as being the same.
Apache's built-in method limit processing currently only
understands uppercase method names, so if you've used
clauses such as
"<Limit Get post>" in your
configuration files, you need to correct them to use
uppercase names.

Unrecognized method names in the server configuration
files will result in the server logging an error message
and failing to start. In .htaccess files,
unknown methods will cause the server to log an error to
its error log and return an 'Internal Server Error' page to
the client.

The default Apache ServerRoot directory
changed from the NCSA-compatible
/usr/local/etc/httpd/ to
/usr/local/apache/. This change covers only the
default setting (and the documentation); it is of course
possible to override it using the -d ServerRoot and
-f httpd.conf switches when starting apache.

Folks using HTTP/1.1-style virtual hosting will need to
list the ip:port pairs that are supposed to have
HTTP/1.1-style virtual hosting via the NameVirtualHost
directive (one directive per pair). Previously this support
was given implicitly on the "main server address". Now it has
to be explicitly listed so as to avoid many problems that
users had. Please see the Apache Virtual
Host documentation for further details on
configuration.

The precedence of virtual hosts has been reversed
(applies mainly to vhosts using HTTP/1.1 Host: headers, and
the ServerPath
directive). Now the earlier vhosts in the file have
precedence over the later vhosts.

HostnameLookups defaults to Off.

REMOTE_HOST CGI variable
changed. In Apache 1.2 and earlier, the
REMOTE_HOST environment variable made available
to CGI scripts was set to either the full DNS name of the
client, or else to the client's IP address if the name was
not known. This behavior differed from that specified by the
CGI specification, which defines this variable as being NULL
if the name isn't known. In Apache 1.3, we have made this
correction. REMOTE_ADDR always contains the
client's IP address, but REMOTE_HOST is only
defined when the server has been able to determine the
client's DNS name.

The undocumented mod_access syntax
"allow user-agents" was removed. The replacement is the more
general "allow from env".

When using wildcards in pathnames (such as * and ?) they
no longer match / (slash). That is, they more closely behave
how a UNIX shell behaves. This affects
<Directory> directives, for example.

If no TransferLog directive is given then
nothing will be logged. (Previously it would default to
logs/access_log.)

When booting, Apache will now detach itself from stdin,
stdout, and stderr. stderr will not be detached until after
the config files have been read so you will be able to see
initial error messages. After that all errors are logged in
the error_log. This makes it more convenient to start Apache
via rsh, ssh, or crontabs.

<Files> sections previously could take a full
pathname, and were matched against the full pathnames. This
had some inconsistencies, and was removed. To emulate this
older behavior use a <Files> section nested inside a
<Directory> section.

Misc Changes

ServerType inetd has been deprecated. It
still exists, but bugs are unlikely to be fixed.

httpd_monitor has been deprecated. The
replacement is to use mod_status and make a
request to a URL such as
http://myhost/server-status?refresh=10.

Apache now provides an effectively unbuffered connection
for CGI scripts. This means that data will be sent to the
client as soon as the CGI pauses or stops output;
previously, Apache would buffer the output up to a fixed
buffer size before sending, which could result in the user
viewing an empty page until the CGI finished or output a
complete buffer. It is no longer necessary to use an "nph-"
CGI to get unbuffered output. Given that most CGIs are
written in a language that by default does buffering
(e.g., perl) this shouldn't have a detrimental
effect on performance.

"nph-" CGIs, which formerly provided a direct socket to
the client without any server post-processing, were not
fully compatible with HTTP/1.1 or SSL support. As such they
would have had to implement the transport details, such as
encryption or chunking, in order to work properly in
certain situations. Now, the only difference between nph
and non-nph scripts is "non-parsed headers".

dbmmanage has been overhauled.

Third Party Modules

The following changes between the 1.2 and 1.3 API may
require slight changes in third party modules not maintained by
Apache.

To avoid symbol clashes with third-party code compiled
into the server, the general prefix `ap_' was
globally applied to the following classes of symbols: Apache
provided general functions (e.g.,
ap_cpystrn), public API functions
(e.g., palloc, bgets) and
private functions which can't be made static (because of
cross-object usage) but should be (e.g.,
new_connection). For backward source
compatibility with Apache 1.2 a new header file named
compat.h was created which provides defines for
the old symbol names. You'll either have to #include
compat.h or update the API symbols you use.

Use of SERVER_VERSION definition. If
third-party modules reference the server version string using
this symbol, they should be corrected to obtain it by calling
the new API routine
const char *ap_get_server_version().

ap_construct_url prototype change. The
second parameter was previously a server_rec, it
has been changed to a request_rec.

The table datatype has been made an opaque
type. Code which assumes a table is the same
as an array_header will not compile. This is
actually a change to enforce the API the way it was
intended, all versions of Apache have had a
table_elts() function which is intended for
code which needs to access the elements of a table. The
changes required for this are pretty easy, and work with
all versions of Apache.

Suppose t is a table. Whenever code refers
to t->elts, replace it with something like
this: